CVE-2024-41124
MEDIUMPuncia < 0.21 - Missing Encryption of Sensitive Data via HTTP API_URLs
Title source: llmDescription
Puncia is the Official CLI utility for Subdomain Center & Exploit Observer. `API_URLS` is utilizing HTTP instead of HTTPS for communication that can lead to issues like Eavesdropping, Data Tampering, Unauthorized Data Access & MITM Attacks. This issue has been addressed in release version 0.21 by using https rather than http connections. All users are advised to upgrade. There is no known workarounds for this vulnerability.
References (3)
Core 3
Core References
Vendor Advisory x_refsource_confirm
https://github.com/ARPSyndicate/puncia/security/advisories/GHSA-rwcj-7jjp-4w38
Issue Tracking x_refsource_misc
https://github.com/ARPSyndicate/puncia/issues/8
Scores
CVSS v3
6.3
EPSS
0.0026
EPSS Percentile
17.4%
Attack Vector
ADJACENT_NETWORK
CVSS:3.1/AV:A/AC:H/PR:H/UI:R/S:U/C:H/I:H/A:H
CISA SSVC
Vulnrichment
Exploitation
none
Automatable
no
Technical Impact
total
Details
CWE
CWE-311
CWE-319
Status
published
Products (2)
ARPSyndicate/puncia
< 0.21
pypi/puncia
0 - 0.21PyPI
Published
Jul 19, 2024
Tracked Since
Feb 18, 2026